477ee562b3c1d71d1a985370972c3ed603d581dbc6dfda71f1ebc23370528195

Analysis

max time kernel
139s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/01/2024, 13:39

Target

569c2421af53382e6c3951b65ff86f4d.dll
Size

862KB
MD5

569c2421af53382e6c3951b65ff86f4d
SHA1

f06842f64d46d4a127bc19b8f12cb7db1750f9bb
SHA256

477ee562b3c1d71d1a985370972c3ed603d581dbc6dfda71f1ebc23370528195
SHA512

9a5a28d47a9ed8179f37f51aa0daa72f09010cb45d70726b2f5374f1650fee23f32e13a0ea9c2507a49c2673273d2aad4219c216bd3036ba0a1c456107d161cf
SSDEEP

24576:CQOX6eCBoXXoiZqF3mHwv8EUAVl+Sx+dAysJhwMntf:CQCAqXoZWHHAz+Sx+WysjwCt

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
860	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4976 wrote to memory of 860	4976	rundll32.exe	53
PID 4976 wrote to memory of 860	4976	rundll32.exe	53
PID 4976 wrote to memory of 860	4976	rundll32.exe	53

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\569c2421af53382e6c3951b65ff86f4d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\569c2421af53382e6c3951b65ff86f4d.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:860